Skip to content

Hooking

Jump to bottom
exotic edited this page Feb 2, 2024 · 1 revision

Hooking

Hooking is a core concept in reverse engineering. I will only talk about Java 8 hooking here as Java 17 is a little different and uses the .jmod file format.

Classes that are part of Java's implementation (e.g. java.lang.System) in Java 8 are inside of a file called rt.jar which is located in your Java installation path, in my case it is in:

C:/Program Files/Zulu/zulu-8/jre/lib

it should be like that for every Java installation, of course if you use a Unix operating system the filesystem will be different but the actual path to the rt.jar will stay the same.

General hooking (constructors, methods)

So let's say you found a piece of code that does something like this:

/*
In a real world scenario this would likely be obfuscated which is why you need to hook.
*/
String information = "Super secret information";
JavaClass instance = new JavaClass(information);

in this case JavaClass is a general class from the Java implementation and could be anything. Now what you will have to do to extract what the information string actually means is to hook the constructor of JavaClass, let's say the constructor of it looks like this:

public JavaClass(String information) {
   // we perform something with the 'information' variable.
}

To hook this constructor what we have to do is in some way log the information that would be passed through the constructor at runtime, my usual go-to is the println() method:

public JavaClass(String information) {
   System.out.println("extracted information: " + information);
   // we do something with the 'information' variable.
}

and there you go, now once we run this we will get whatever goes through this constructor printed right on our console.

The approach stays the same for methods, let's say we have a piece of code like this:

String information = "Super secret information";
JavaClass.processInfo(information);

This is a static call meaning it uses invokestatic in bytecode which we learned about previously, although it does not matter if the method is invoked through an instance or statically.

Let's say that processInfo() looks something like this:

public static processInfo(String information) {
   // we do something with the 'information' variable.
}

now the approach stays the same, all we have to do is add our println() call to the method's start.

public static processInfo(String information) {
   System.out.println(information);
   // we do something with the 'information' variable.
}

and that is it! Now you know how to hook methods and constructors to print out any valuable information that is passed through them, although this isn't the only use for hooking, hooking can be used in many scenarios including changing code of a method or constructor to do more than it was originally intended to, or possibly less, whatever the case is hooking is a great technique to know about.

Just be careful hooking any native or very internal methods as they can break certain things that you don't want breaking.

Clone this wiki locally